CVE-2011-2713

2011-10-2118:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-2713

openoffice.org

libreoffice

denial of service

crash

remote attackers

doc file

out-of-bounds read

sprm parser

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6 Medium

AI Score

Confidence

High

0.041 Low

EPSS

Percentile

92.2%

JSON

oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.

Affected configurations

NVD

Node

libreofficelibreofficeRange≤3.4.2

libreofficelibreofficeMatch3.3.0

libreofficelibreofficeMatch3.3.1

libreofficelibreofficeMatch3.3.2

libreofficelibreofficeMatch3.3.3

libreofficelibreofficeMatch3.3.4

libreofficelibreofficeMatch3.4.0

libreofficelibreofficeMatch3.4.1

sunopenoffice.orgMatch3.3.0

CPENameOperatorVersion
libreoffice:libreofficelibreofficele3.4.2
libreoffice:libreofficelibreofficeeq3.3.0
libreoffice:libreofficelibreofficeeq3.3.1
libreoffice:libreofficelibreofficeeq3.3.2
libreoffice:libreofficelibreofficeeq3.3.3
libreoffice:libreofficelibreofficeeq3.3.4
libreoffice:libreofficelibreofficeeq3.4.0
libreoffice:libreofficelibreofficeeq3.4.1
sun:openoffice.orgsun openoffice.orgeq3.3.0

CPE	Name	Operator	Version
libreoffice:libreoffice	libreoffice	le	3.4.2
libreoffice:libreoffice	libreoffice	eq	3.3.0
libreoffice:libreoffice	libreoffice	eq	3.3.1
libreoffice:libreoffice	libreoffice	eq	3.3.2
libreoffice:libreoffice	libreoffice	eq	3.3.3
libreoffice:libreoffice	libreoffice	eq	3.3.4
libreoffice:libreoffice	libreoffice	eq	3.4.0
libreoffice:libreoffice	libreoffice	eq	3.4.1
sun:openoffice.org	sun openoffice.org	eq	3.3.0